Current and traditional FreeBSD behavior means that getegid() here is the first element in the prior setgroups() call, if any, so we may inadvertently wipe out our rgid with the unprivileged gid. This is rendered somewhat harmless by the fact that we're losing the privileged gid -- we'll still regain it as the egid in restore_uid() later by way of restoring saved_egroups, rather than by intentionally restoring it from getgid(). This will be promptly reverted if we can get setgroups(2)/getgroups(2) changed in FreeBSD 15.0, but it seemed wise to get this technically correct for previous branches. Reviewed by: jlduran Differential Revision: https://reviews.freebsd.org/D51753